Zipper

About this one? Any clues?
Tagged:
«13456710

Comments

  • Any get past login page?
  • I did guest login but I don't see any useful data yet

  • Me too... couldn’t find anything either. Other ideas?
  • brute-force with hydra maybe?

  • edited October 25

    I can confirm that hydra was useful for me ...
    Edit: with custom userlist and wordlist. Admin or rock u will take u nowhere

    sajkox

  • @sajkox said:
    I can confirm that hydra was useful for me ...

    Damn, I can't get it to work

  • So, there are hours that I'm playing with the A** of the service and running hydra on multiple users. Seems I'm missing something. Any hint /PM is deeply appreciate :)

  • Is guessing the solution to find login page or maybe dirbuster can do something?

  • @9999volts said:
    Is guessing the solution to find login page or maybe dirbuster can do something?

    Enumeration took a while for me to finally find something. Let your enum run for a bit, it'll pop up.

    r4mzih4x

  • hi all - my inbox blew out a little bit overnight :)
    Please note I'm always happy to help but will never give working solutions out - it's against the rules.
    There might be other ways to 'get in' but I just said hydra worked for me. Get familiar with what you see as a guest and be creative with your user/pass wordlists - as you should always be if nothing else works. Also don't go crazy with full rockyou, that would be unnecessary load on the box.

    I will try to look at the inbox later - sry busy day and cant just now
    GL

    sajkox

  • @sajkox said:
    hi all - my inbox blew out a little bit overnight :)
    Please note I'm always happy to help but will never give working solutions out - it's against the rules.
    There might be other ways to 'get in' but I just said hydra worked for me. Get familiar with what you see as a guest and be creative with your user/pass wordlists - as you should always be if nothing else works. Also don't go crazy with full rockyou, that would be unnecessary load on the box.

    I will try to look at the inbox later - sry busy day and cant just now
    GL

    That's what you get for posting a comment with little context haha.
    That being said, your follow up comment was perfect, it should be very clear to everyone with out being a big spoil. Thank you for keeping it fair.

    Don't forget everyone, its rare for a creator to overlook something like a guest login, its there for a reason.

    Rantrel
    ~|OSCP|~

  • @Rantrel said:

    @sajkox said:
    hi all - my inbox blew out a little bit overnight :)
    Please note I'm always happy to help but will never give working solutions out - it's against the rules.
    There might be other ways to 'get in' but I just said hydra worked for me. Get familiar with what you see as a guest and be creative with your user/pass wordlists - as you should always be if nothing else works. Also don't go crazy with full rockyou, that would be unnecessary load on the box.

    I will try to look at the inbox later - sry busy day and cant just now
    GL

    Don't forget everyone, its rare for a creator to overlook something like a guest login, its there for a reason.

    THIS.

    Pay attention at what you read, the info you need is right there. Also, PrivEsc shouldn't take more than 10 minutes.

  • Doing zipper right now, if any one wants to PM me a hint OR leave a msg on the forum.

    -At login Page-

  • edited October 21
    I think about an user starting with Z... Just im trying rockyou against hehe.
  • Unable to execute the exploit, it throws me a ValueError error.

  • edited October 21

    So, just rooted this machine, I really had a lot of fun, thanks to the creator.

    Here some hints:

    FOR INITIAL FOOTHOLD:

    When this machine came out, I saw a difficult of 8 and I tried all esoteric things I can think out. I assumed the machine was hard, so stupid things just cannot works.
    I was wrong! Keep things simple: everything is in front of your face.

    NOTE: If you are facing problems with Hydra syntax, test it against your local proxy or try xhydra, the GUI version.

    ### FOR USER:

    Read the documentation and try to send custom requests until you understood well the app jargon and how each component works.
    There are more than one way to do the same thing, and if you doesn't work, try the other.

    FOR ROOT:

    Nothing fancy: a very common 'method' of privesc, typical in a lot of CTF challenges. Again, keep things simple.

  • Please lower your hydra threads please, you are DDOS'ing the box by holding all of the database connections.

  • edited October 21
    Is hydra neccesary? Maybe a small list or just guessing.
  • No hydra is not necessary, and if you want to use it, no need for a big list but a custom one from what you can read on the webapp.

  • edited October 21

    removed

    sajkox

  • @sajkox said:
    I can confirm that hydra was useful for me ...

    FFS- this is BULLSHIT. Do not bother brute-forcing the admin - it is #POINTLESS.

    I've seen the password and it isn't 'rockyou123'. Google is your friend.

    izzie

  • @izzie said:

    @sajkox said:
    I can confirm that hydra was useful for me ...

    FFS- this is BULLSHIT. Do not bother brute-forcing the admin - it is #POINTLESS.

    I've seen the password and it isn't 'rockyou123'. Google is your friend.

    it is not bs - it was useful for me. You don't need to use it if you connect the dots and try everything manually.
    Nowhere in here it says to brute admin or use rockyou (quite the opposite) so where is this aggro coming from ? Just because you assumed it means something else it doesn't make sense anymore ?
    Would love to hear how google helped you - I owned it now and still can't find anything using google that would have helped me get through the first stage - feel free to PM me saying what you mean by google friend.

    sajkox

  • Hi. I was able to guess a username and password, but when I try to log in I see the following message: "GUI access disabled.".

    Can anybody tell me how to bypass this? Thanks!!

  • GUI isnt the only way to access that.

  • edited October 22

    So I'm in the same boat as @barango, I have the user/pass and getting the GUI access disabled. I tried a CLI browser as well as basic connection tools but none allow me access to the admin portion. I am curious if the specific CLI tool is the way I need to go though.

    Edit (the first edit was to finish my initial message)

    I got it, I just needed to read a bit more. Now on to getting a shell.

  • Any hint for privilege escalation, I'm stuck.. I've already have a reverse shell :cold_sweat:

  • I am confused for the MSF module Zabbix as its saying "Unexpected HTTP body (is this really Zabbix?

    The Rapid7 code says its looking for a 200 return code, which I can see the server returning in my PCAP.

  • This box is frustrating. Not because it's hard, but everyone loves to reset the damn thing.

  • edited October 22

    Initially tried a list of generated user/pass combinations of ~150, and then a list closer to 2000 based on all the view-able content in the pages (and what the starting creds could have been) but no dice. If the creds should be obvious I'm clearly missing something here.

    EDIT: I got it - I just wasn't paying close enough attention to results.

  • Box was okay i guess; For the starting foothold don't start using hydra or anything related to cracking any login portal, everything can be guessed over and the exploitation for the reverse shell is easy as it can gets. For the root part well it was a common easy root part user was a lot harder to achieve. TIPS : Take a look as a guest user the hostname and the services you can guess the logins, and use searchsploit zabbix to locate the needed exploit for the reverse. The only think that i disliked was the cron job killing the sessions every now and then.

    Frey

Sign In or Register to comment.